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DETAILED ACTION 

Response to Arguments 

Applicant's arguments filed 1 1/14/08 have been fully considered but they are not persuasive. 

1 . Applicant argues that claims 1 and 5 now require: said plurality of sources including a 
local store arranged in operation to store previous authentication ratings for a plurality of entities, 
and said analysis step involving combining previous authentication ratings for said entity with 
one or more current authentication ratings for said entity. This claim feature is not taught or 
suggested by Ross. The databases 1 12a to d referred to by the Examiner in his argument 
rejecting original claim 4 are not arranged in operation to store previous authentication ratings. 
Instead they are third-party databases which store information about people with whom those 
third parties have dealings. Examples include information held by the U.S. Postal Service, 
VISANET, the Social Security Administration, the Internal Revenue Service, etc. (see 
paragraphs [0032] and [0033] of Ross. Ross simply does not propose a store arranged in 
operation to store previous authentication ratings and the subsequent use of those previous 
authentication ratings in deriving a new authentication rating. Hence, the present claims 
patentably define over Ross. 

2. However, the Examiner respectfully disagrees. As a first matter of interpreting the claim 
language the Examiner has reviewed support for the amendments found in the present 
specification at page 4, lines 20-23, page 5, line 8, and page 5, line 32 through page 6, line 1 and 
claim 4 as originally filed and point out by the Applicant. 

3. Page 5, line 32 through page 6, line 1 reads As already mentioned, after a case has been 
evaluated, the authentication result is stored in the local user case database 7 by the system, 
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including the date and timestamp of the transaction. When the same user makes a request at any 
future date this information is 5 retrieved from the database and combined with the current trust 
ratings to generate a new evaluation. " Specifically, the length of time a user has been known to 
the system can form one input to a fuzzy rule which allocates an increased level of trust 
proportional to the length of time a user has been known to the system (presuming no violation 
by that user of any resource has been recorded by the system) "f i.Q., the level of 
confidence/trust]. 

4. Ross teaches in at least the abstract that the verification engine presents the user with the 
queries and the user's responses are presented to each corresponding database operator for 
validation. The database operators then return a confidence indication for the verification step 
and the verification engine combines the confidence indication from each database operator into 
a combined confidence indication used in authentication of the remote user. At least Paragraph 
0026 teaches each database 1 12a through 1 12d that receives the information checks it against the 
identifying information it stores for the subject 108 and returns a confidence indication 122a 
through 122d to the verification engine. The verification engine 100 combines the individual 
confidence indications 122a through 122d into a combined confidence indication 124 that is 
provided to the authentication client 1 10 for authenticating the subject 108. Therefore, Ross 
would still read on said plurality of sources including a local store arranged in operation to store 
previous authentication ratings for a plurality of entities, and said analysis step involving 
combining previous authentication ratings for said entity with one or more current authentication 
ratings for said entity. The databases of Ross take the current query in addition to stored 
confidence ratings and provides a basis for authentication based on the combination. 
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5. Therefore, in view of the above amendments and remarks, it is respectfully 

noted that all of claims 1-3,5-7 and 10-11, now standing in the application, are not allowable and 

the case cannot be passed to issue. 

Claim Rejections - 35 USC §102 
1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign countr) or in public use or on 
sale in this country, more than one year prior lo the dale of application for patent in the United States. 

Claims 1-7 and 10-11 are rejected under 35 U.S.C. 102(b) as being anticipated by Ross WO 
02/41114 A2. 

Consider claim 1, Ross teaches a method for generating an authentication rating for an 
entity, comprising: receiving a message identifying an entity (e.g., an entity wishes to 
Authenticate a user) (see at least abstract, figure 1 and paragraphs 0025-0027), which 
message requires authentication of said entity(e.g., remote user authentication)( see at least 
abstract, figure 1 and paragraphs 0025-0027); receiving data from each of a plurality of 
sources (e.g., see paragraphs 0025, 0035-0041 and figures 1-2), said data representing at least 
a rating for said authentication according to a criteria(e.g., see paragraphs 0025, 0035-0041 and 
figures 1-2); analyzing said received data using a set of predefined fuzzy inferencing rules so as 
to calculate an authentication rating for said entity (e.g., see paragraphs 0025, 0035-0041 and 
figures 1-2). said plurality of sources including a local store arranged in operation to store 
previous authentication ratings for a plurality of entities (e.g., paragraphs 0025, 0035-0041 and 
figures 1-2 and remarks above), and said analysis step involving combining previous 
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authentication ratings for said entity with one or more current authentication ratings for said 
entity(e.g., paragraphs 0025, 0035-0041 and figures 1-2 and remarks above). 

Consider claim 5, Ross teaches a system for generating an authentication rating for an 
entity, comprising: receiving means for receiving a message identifying an entity e.g., an entity 
wishes to Authenticate a user) ( see at least abstract, figure 1 and paragraphs 0025-0027), 
which message requires identification of said entity(e.g., remote user authentication )( see at 
least abstract, figure 1 and paragraphs 0025-0027); the receiving means being further 
arranged to receive in use from each of a plurality of sources data representing a rating of said 
entity according to a criteria(e.g., see paragraphs 0025, 0035-0041 and figures 1-2); and 
processing means arranged in use to analyze said received data using a set of predefined fuzzy 
inferencing rules so as to calculate an authentication rating for said entity(e.g., see paragraphs 
0025, 0035-0041 and figures l-2);said plurality of sources including a local store arranged in 
operation to store previous authentication ratings for a plurality of entities (e.g., paragraphs 
0025, 0035-0041 and figures 1-2 and remarks above), and said analysis step involving 
combining previous authentication ratings for said entity with one or more current authentication 
ratings for said entity(e.g., paragraphs 0025, 0035-0041 and figures 1-2 and remarks above). 

Consider claim 2 and as applied to claim 1, Ross teaches wherein said data from each 
source comprise data representing a trust rating for said entity and data representing an 
associated confidence rating (i.e., a verification regarding the level of safety)(e.g., see 
paragraphs 0014, 0035 and 0041). 

Consider claim 3 and as applied to claim 2, Ross teaches wherein the analysis 
comprises: combining said plurality of data representing a trust rating using a first predefined set 
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of fuzzy inferencing rules so as to calculate a combined trust rating(e.g., see paragraphs 0014, 
0025, 0035-0041 and figures 1-2); combining said plurality of confidence rating data using a 
second predefined set of fuzzy inferencing rules to calculate a combined confidence rating (i.e., a 
database of information and a set of queries based on a subset of all queries) (e.g., see 
paragraphs 0014, 0025, 0035-0041 and figures 1-2); and then analyzing said combined trust 
rating and said combined confidence rating using a third predefined set of fuzzy inferencing rules 
so as to calculate said authentication rating(i.e., a database of information and a set of queries 
based on a subset of all queries) (e.g., see paragraphs 0014, 0025, 0035-0041 and figures 1- 
2). 

Consider claim 6 and as applied to claim 5, Ross teaches said processing means being 
further arranged to compare said authentication rating with a predefined policy so as to 
determine whether to issue, an authenticate signal (e.g., see paragraphs 0014, 0025, 0035-0041 
and figures 1-2). 

Consider claims 7 and 10-11 and as applied to claims 1 and 2-3, Ross teaches 
computer readable storage medium storing a computer program or at least one of a suite of 
computer programs as claimed (e.g., see computer readable storage mediums and programs 
as noted figures 1 and 2 in context of description provided by the disclosure). 

Conclusion 

6. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
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MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to CHARLES SHEDRICK whose telephone number is (571)272- 
8621. The examiner can normally be reached on Monday thru Friday 8:00AM-4:30PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Lester Kincaid can be reached on (571)-272-7922. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 

Application Information Retrieval (PAIR) system. Status information for published applications 

may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 

applications is available through Private PAIR only. For more information about the PAIR 

system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 

system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 

like assistance from a USPTO Customer Service Representative or access to the automated 

information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Charles Shedrick/ 
Examiner, Art Unit 2617 
/Lester Kincaid/ 

Supervisory Patent Examiner, Art Unit 2617 
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